PayPal Express - 10002 security header is not valid error
-
16-10-2019 - |
Question
I am getting an error while testing PayPal Express, the error is: 10002 security header is not valid
.
The site runs on an AWS EC2 with nginx and Varnish in front. I use Turpentine for the config and hole-punching. Would this architecture have something to do with it?
I'm not testing on Sandbox mode however the live API credentials are all correct, I've reset it multiple times. I've looked through the logs but I can't find anything significant.
2014-01-31T05:47:11+00:00 ERR (3):
exception 'Mage_Core_Exception' with message 'PayPal NVP gateway errors: Security header is not valid (#10002: Security error). Correlation ID: 60e76cc8d89c5. Version: 72.0.' in /var/www/app/Mage.php:580
Perhaps the following might be relevant? The token is empty:
==> payment_paypal_express.log <==
2014-01-31T05:22:42+00:00 DEBUG (7): Array
(
[url] => https://api-3t.paypal.com/nvp
[GetExpressCheckoutDetails] => Array
(
[TOKEN] =>
[METHOD] => GetExpressCheckoutDetails
[VERSION] => 72.0
[USER] => ****
[PWD] => ****
[SIGNATURE] => ****
[BUTTONSOURCE] => Varien_Cart_EC_AU
)
[response] => Array
(
[TIMESTAMP] => 2014-01-31T05:22:42Z
[CORRELATIONID] => 5bcdb0da70494
[ACK] => Failure
[VERSION] => 72.0
[BUILD] => 9285531
[L_ERRORCODE0] => 10002
[L_SHORTMESSAGE0] => Security error
[L_LONGMESSAGE0] => Security header is not valid
[L_SEVERITYCODE0] => Error
)
[__pid] => 1219
)
Solution
This is what worked for me, stange but it did the trick Magento 1.8.1 Paypal Website
First, I went into Paypal.com account and enabled all API Access
Goto Profile > Request API credentials > Set up PayPal API credentials and permissions > Add or edit API permissions
Add New Third Party, or Edit Existing Third Party the username used for Magento
I granted all permissions, probably not necessary, but I figured it couldn't hurt
Then in Magento Admin:
Go to System > Configuration > PayPal > API/Integration Settings
Remove all values from API Username, API Password and API Signature from.
Go to System > Cache Management and clear all caches.
Put the API Credentials back in
OTHER TIPS
PayPal gateway has rejected request. Invalid token (#10410: Invalid token)
Enable Express Checkout (PayPal Navigation has changed to)
Profile & Settings >> My selling tools >> API access >> Update
Enable Express Checkout
Accept >> Submit.
Check Magento Paypal setting
System >> Configuration >> Sales >> Payment Methods
Choose your PayPal option
Configue >> Set API Credential
Enable paypal
Enable this solution: Yes
Disable SSL if you do not have SSL
Enable SSL verification : No
With Development Mode
Sandbox Mode : Yes
Clear Magento Cache, Should work.
First, about error codes: https://developer.paypal.com/docs/classic/api/errorcodes/.
Second, if you haven't already, check this post: Required modifications for using Varnish on Magento CE. Maybe Varnish has cached your requests to PayPal.
Also check these articles: http://www.carlosrobles.com/blog/2010/10/magento-paypal-sandbox-paypal-gateway-has-rejected-request-security-header-is-not-valid-10002-security-error/ (this one is in Spanish, but it is understandable)
http://www.magentocommerce.com/boards/v/viewthread/205638/#t367616 http://www.exquisitelymixed.com/ecommerce/magento/paypal-gateway-has-rejected-request-security-header-is-not-valid-10002-security-error-in-magento/
New development: PayPal has discontinued support for SSL as of Jan 2015, or more accurately, requires the implementation of TLS. From what my hosting provider says, this is a support request for Apache configuration and you might be able to do this yourself if you have root access and are knowledgable. Add TLS to the server configuration and this might solve your problem, I'll come back and confirm whether this fixed it for me.
I got the same problem and found my problem is
- I type the API signature character by charter, the character "I" is similar to "l"
- As there are multiple "I" in the signature, I have to tested one by one via the link of paypal checking API credential.
- Then damn it, it works.
Therefore, copy is a better way while being careful about the spaces at the front or end.